There are a lot of different tools available to network administrators to capture network packets for analysis. Actually making sense of those packets and visualizing what they mean is often another task altogether.
In an effort to help navigate network packets, WildPackets is debuting a new tool called Compass Live to provide real-time analysis capabilities. The Compass Live solution can pull in packet captures from one of WildPackets' own OmniPeek devices or by way of the open source Wireshark application.
“What’s interesting with Compass is that it’s basically meant as a high level graphical display of network traffic files,” Tony Barbagallo, vice president of marketing at WildPackets, told InternetNews.com. “From those trace files, I can visually see the protocols from multiple end points in a single graph.”
Barbagallo added that the key capability of Compass is the ability to visualize information from packet trace files. He noted, however, that the software does not dig deeply into the packets the same way that Wireshark does.
“Compass is more as a visualization tool and really designed for rapid troubleshooting,” Barbagallo said.
As an example, Barbagallo said that a user can click on an IP address inside of Compass and then be shown all of the protocols for that IP address. When a user clicks on a protocol, they are in turn shown all of the IP addresses associated with it. He added that Compass enables users to identify a correlation between nodes and protocols.
Barbagallo added that Compass Live works for both wired and wireless access points. In terms of how Compass Live is deployed, it’s a Windows application that runs on a user’s desktop. The system is meant as a personal troubleshooting tool for a network administrator and does not have built-in multi-user capabilities.
In terms of looking directly at the packets, as users can already do with Wireshark, Barbagallo argued that his customers rarely get down into the packets anymore.
“Today’s network engineer can see whatever they need to see without having to look at the packet payload,” Barbagallo said. “Obviously there are some exceptions, but I’d say 90 percent of the time you don’t need to see the payload in the packets to do network troubleshooting.”
Compass Live comes in both free and paid editions. Barbagallo explained that the free edition can only visualize one trace file at a time and cannot be connected to a network tap for real-time analysis.
“A lot of people use Wireshark because it’s free and they may not have budgets for any level of additional analysis,” Barbagallo said. “For companies where this really matters they pay for capabilities.”